The present invention is generally directed to cryptography and more specifically directed to computer implementation of a one-time pad cryptographic scheme.
The importance of secure communication has never been greater as increasing amounts of vital business and personal data are daily transmitted by electronic means. Encryption is the core of secure communication, but the cryptographic techniques most widely relied upon today may soon be rendered obsolete by technological advances. Most of those techniques rely on the fact that some mathematical operations are so computationally difficult as to render cryptanalysis a practical impossibility. But how computationally difficult an operation may be depends upon the power of the computers available, and it is generally anticipated that the advent of quantum computing will make it possible to execute many cryptological calculations in much shorter time periods, rendering existing ciphers breakable in practice. When the practical applications of quantum computers are discussed, code breaking is typically among the first mentioned.
Quantum cryptography is sometimes held out as the antidote to quantum code-breaking. The hope is that the phenomenon of quantum entanglement can be used to eliminate the possibility of third-party eavesdropping. The problem is that while quantum computing is proceeding to practical reality very quickly, progress in the long-distance, reliable entanglement required for quantum cryptography is proceeding very slowly. Moreover, even when quantum cryptography is ready for practical use, deploying the technology will likely require a massive new communication infrastructure. So, while the first quantum computers have already been sold commercially, the prospects for practical quantum cryptography seem remote.
It is possible, then, that we are fast approaching what might be called a “cryptographic cliff”: a tipping point when, suddenly, no existing cipher method is reliably secure; a time when all the cryptographic walls we count on to protect us come tumbling down. Private individuals will be left especially vulnerable to the early adopters of quantum computing, who will likely be governments and large corporations.
However, the challenge of this new computing environment may be met by innovatively adapting one of the oldest techniques in cryptology: the one-time pad (OTP).
In OTP encryption, each character from a plaintext message is encrypted to a ciphertext by a modular addition with a character from a secret random key (or pad) of the same length as the plaintext, using successive characters in the pad. If the key is truly random, never reused in whole or part, and kept secret, it is demonstrably mathematically impossible to decipher the ciphertext without a copy of the pad. Because OTP encryption (sometimes called “the Vernam cipher”) adds no information to the enciphered text, only random noise, it represents a perfect, unbreakable encryption method. See Shannon, Claude (1949), “Communication Theory of Secrecy Systems”, Bell System Technical Journal 28 (4): 656-715.
Despite its undisputed security, one-time pad cryptography faces notorious practical difficulties. First, there is the problem of size and portability of storage. The pad must contain at least one character for each character that it encrypts or decrypts, and each character may only be used once. The more data to be communicated, the larger the OTP must be. This problem is compounded by the number of communicants, since each sender and recipient must maintain a different one-time pad shared only between the two of them.
Another notorious vulnerability of one-time pad cryptography is the problem of the secure distribution of one-time pads: interception and copying of a pad by a third party will entirely compromise the security of the method.
To decrypt a message encrypted with an OTP it is not sufficient simply to possess a copy of that pad. It is also necessary to determine which segment of the sender's OTP was used for its encryption. If this location is not known or determinable the message will not be decipherable.
One solution to this problem would be for the sender and the recipient to each keep records of the last location the sender has used to encrypt a message and to increment these pointers by the length of each message sent and received. However, a danger with this method is that the sender's record and the recipient's record might come to diverge. This might easily happen if, for example, a transmitted message failed to reach the recipient or was corrupted, in respect of its length, en route. In that case the recipient's pointer would not be advanced and would fall out of synchronization with the sender's pointer; hence decryption of all subsequent messages would fail.
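The pointer-divergence failure described above can be reproduced in a few lines. The following is an added illustration, not code from the patent or the cited application: it encrypts by byte-wise addition modulo 256 (one form of the modular addition described earlier), each party keeps its own pointer into a shared pad, and one message is dropped in transit. The names `PadEndpoint` and `lost_message_demo` are hypothetical, and `secrets.token_bytes` stands in for a truly random pad source.

```python
import secrets


class PadEndpoint:
    """One party's copy of the shared pad and its local 'next unused byte' pointer."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.pointer = 0

    def _take(self, n: int) -> bytes:
        # Pad material is consumed strictly in order and never reused.
        if self.pointer + n > len(self.pad):
            raise ValueError("pad exhausted")
        segment = self.pad[self.pointer:self.pointer + n]
        self.pointer += n
        return segment

    def encrypt(self, plaintext: bytes) -> bytes:
        key = self._take(len(plaintext))
        return bytes((p + k) % 256 for p, k in zip(plaintext, key))

    def decrypt(self, ciphertext: bytes) -> bytes:
        key = self._take(len(ciphertext))
        return bytes((c - k) % 256 for c, k in zip(ciphertext, key))


def lost_message_demo(pad: bytes = None):
    """Send three messages, drop the second, and report what the recipient sees."""
    pad = pad if pad is not None else secrets.token_bytes(64)  # assumed pad source
    sender, recipient = PadEndpoint(pad), PadEndpoint(pad)

    first = recipient.decrypt(sender.encrypt(b"first message"))  # pointers agree
    sender.encrypt(b"lost in transit")       # never delivered: only the sender advances
    third = recipient.decrypt(sender.encrypt(b"third message"))  # wrong pad segment

    return first, third, sender.pointer, recipient.pointer


if __name__ == "__main__":
    first, third, s_ptr, r_ptr = lost_message_demo()
    print(first, third, s_ptr, r_ptr)
```

After the dropped message the two pointers differ by its length, so the third message and every later one decrypt to noise, even though both parties still hold identical pads.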
The inventor of US Patent Application 20100246811 discloses a method of using one-time pads to support a system of login passwords. In that invention a Service and its users possess one-time pads for the purpose of authenticating users to the system. The user and the Service each retain a copy of a pad; to log in, the user's system looks up a locally stored pointer into the one-time pad and transmits a sequence of the data it finds there to the Service. The Service looks up its own recorded pointer into its copy of the pad and compares the data it finds there to the transmitted sequence. If the sequences match, the user is logged in and both the user and the Service must increment their records to point to a new location in the pad. The problems of synchronization with this method are clear. If the user's pointer and the system's should fall out of sync, it will be impossible for the user to log in.
What has been needed, and heretofore unavailable, is a system and method for providing secure and anonymous communication between a plurality of individuals. Such a system and method should be robust and unbreakable, even using quantum computers and appropriate software and techniques. The system and method should also provide for synchronization of the one-time pads of both the sender and recipient, and provide for refilling of the one-time pads when they are consumed through use. The present invention satisfies these, and other needs.